import { fromTemporaryCredentials } from "@aws-sdk/credential-providers";
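/**
 * Build a credential provider that assumes the per-environment
 * `AllowReadPubkeysExportS3Bucket` role using the IAM user keys found in the
 * process environment.
 *
 * The IAM user keys (`AWS_IAM_ACCESS_KEY` / `AWS_IAM_SECRET_KEY`) are
 * long-lived secrets. They are only handed to the SDK as master credentials
 * and are never included in error messages or logs produced here.
 *
 * @param {string} targetEnv - Either "WrappedKeysProduction" or
 *   "WrappedKeysTestNetworks"; any other value is rejected.
 * @returns {Promise<Function>} Resolves to the provider returned by
 *   `fromTemporaryCredentials`. NOTE(review): the SDK performs the actual
 *   AssumeRole call when the provider is resolved by a client, not inside
 *   this function, so role or permission errors surface later.
 * @throws {Error} "Invalid target environment" when `targetEnv` is not one of
 *   the two supported names.
 * @throws {Error} When either IAM user environment variable is unset or
 *   empty; the message names the variable(s) but never their values.
 */
export async function getAwsCredentials(targetEnv) {
  // Fixed allowlist of roles to assume, keyed by environment name. The role
  // ARN is never derived from caller input.
  const roleArns = {
    WrappedKeysProduction:
      "arn:aws:iam::654654530379:role/AllowReadPubkeysExportS3Bucket",
    WrappedKeysTestNetworks:
      "arn:aws:iam::590183654417:role/AllowReadPubkeysExportS3Bucket",
  };

  // The string check keeps non-string values (e.g. a one-element array that
  // would coerce to a valid key) rejected, as strict comparison would.
  if (
    typeof targetEnv !== "string" ||
    !Object.prototype.hasOwnProperty.call(roleArns, targetEnv)
  ) {
    throw new Error("Invalid target environment");
  }

  // Base IAM user credentials, supplied through the environment.
  const accessKeyId = process.env.AWS_IAM_ACCESS_KEY;
  const secretAccessKey = process.env.AWS_IAM_SECRET_KEY;

  // Fail fast with a clear message instead of passing undefined credentials
  // to the SDK, which would only fail later with a less obvious error.
  const missing = [
    ["AWS_IAM_ACCESS_KEY", accessKeyId],
    ["AWS_IAM_SECRET_KEY", secretAccessKey],
  ]
    .filter(([, value]) => !value)
    .map(([name]) => name);
  if (missing.length > 0) {
    throw new Error(
      `Missing required environment variable(s): ${missing.join(", ")}`,
    );
  }

  // fromTemporaryCredentials handles AssumeRole and session-token injection.
  return fromTemporaryCredentials({
    params: {
      RoleArn: roleArns[targetEnv],
      RoleSessionName: `svc-session-${targetEnv}`,
    },
    masterCredentials: { accessKeyId, secretAccessKey },
  });
}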